Qualitative Assessment Review Guidelines

for Investigative Operations of

Federal Offices of Inspector General

December 2011

Council of the Inspectors General on Integrity and Efficiency

Authority: Section 11 of the Inspector General Act of 1978 (5 U.S.C. app. 3.), as amended.

Mission: The mission of the Council of the Inspectors General on Integrity and Efficiency (CIGIE) shall be to address integrity, economy, and effectiveness issues that transcend individual Government agencies and increase the professionalism and effectiveness of personnel by developing policies, standards, and approaches to aid in the establishment of a well-trained and highly skilled workforce in the Offices of Inspectors General.

CIGIE Investigations Committee: The Committee contributes to improvements in program integrity, efficiency, and cost effectiveness Governmentwide by providing analysis of investigative issues common to Federal agencies. The Committee provides the CIGIE community with guidance, support, and assistance in conducting high-quality investigations. Provides input to the CIGIE Professional Development Committee and the Training Institute on the training and the development needs of the CIGIE investigations community. The Committee actively engages the Assistant Inspector General for Investigations Committee to assist in carrying out the Committee's goals and strategies.

Message From the Chairman of the CIGIE Investigations Committee

I am pleased to present the Quality Assurance Review (QAR) Guidelines for Investigative Operations of Federal Offices of Inspector General (OIGs). Throughout this version, you will note minor changes for clarification. However, the most significant addition is a definitional framework to assist QAR teams in evaluating their results and arriving at a peer review rating.

The purpose of the QAR program, or investigation peer review, is to ensure that Council of the Inspectors General on Integrity and Efficiency (CIGIE) Quality Standards for Investigations (QSI) are followed and that law enforcement powers conferred by the 2002 amendments to the Inspector General Act (IG Act) are properly exercised.

Each OIG is required to implement and maintain a system of quality control for its investigative operations. The nature, extent, and formality of such a system will vary based on the OIG’s circumstances. The system of quality control encompasses the OIG’s leadership, with an emphasis on performing high-quality work, compliant with required standards.

In conducting a particular QAR, the review team renders an opinion on adequacy of a given OIG’s internal safeguards, management procedures, and quality control in connection to compliance with the IG Act, QSI, and law enforcement powers.

I want to thank the Assistant IG for Investigations (AIGI) Working Group for their diligence in revising these Guidelines with input from the AIGI community. I also want to thank the Investigations Committee for their review and support in finalizing the QAR Guidelines. The members of the AIGI Working Group and of the Investigations Committee are listed in Appendix D.

Carl W. HoeckerChairman, Investigations CommitteeCIGIE

Table of Contents Page

PREFACE 1

GENERAL CONSIDERATIONS 2Applicability of Appendices 2Background 3Objectives of Investigative Qualitative Assessment Review (QAR) Program 3Management and Oversight of CIGIE QAR Program 4Review Team Staffing and Qualifications 5Independence 5Confidentiality and Security 5Due Professional Care 6Self-Inspection Programs 6

PLANNING AND PERFORMING THE INVESTIGATIVE CIGIE QAR REVIEW 6Scope 6Approach 7 Pre-Site Review Steps 7Working Environment 8Review Schedule 8Entrance Briefing 9Sample Selection 9Defining and Identifying Observations, Findings, Deficiencies, and Significant Deficiencies 11QAR Rating Options 12Views of Responsible Officials 13Exit Conference 13

REPORTING REVIEW RESULTS 13Opinion Letter 13Observations Letter 14Views of Responsible Officials 15Dispute Resolution 15Letter Distribution 16Files Maintenance 16

ACKNOWLEDGEMENTS 17

APPENDICESA Qualitative Assessment Review Organizational Profile B Questionnaire for Review of Law Enforcement Powers ImplementationC-1 Questionnaire for Review of Compliance with the CIGIE Quality Standards for Investigations C-2 Questionnaire for Review of Compliance with Quality Standards for Investigations (Digital Forensics Activities)D-1 CIGIE Peer Review Individual Closed Case Review ChecklistD-2 CIGIE Peer Review Case Review Summary ChecklistE Sample Formats for Quality Assessment Review ReportsF Attorney General’s Guidelines for Offices of Inspector General with Statutory Law Enforcement Authority G-1 Attorney General’s Guidelines for Domestic FBI OperationsG-2 Cover Memo—Attorney General’s Guidelines for Domestic FBI Operations H Attorney General’s Guidelines Regarding the Use of Confidential InformantsI CIGIE Quality Standards for InvestigationsJ CIGIE Guidelines on Undercover Operations

i

PREFACE This document articulates standards and guidance for conducting the Council of the Inspectors General on Integrity and Efficiency (CIGIE) Quality Assessment Reviews (QAR) of the investigative operations of Offices of Inspector General (OIGs). It was initially developed, and subsequently updated, by the CIGIE Investigations Committee to establish an independent external review process to:

1. Ensure that the general and qualitative standards adopted by OIGs comply with

the requirements of the Quality Standards for Investigations (QSI) adopted by CIGIE and its predecessors, PCIE and ECIE. This compliance will be assessed for all CIGIE organizations.

2. Ascertain whether adequate internal safeguards and management procedures

exist to ensure that the law enforcement powers conferred by the Inspector General Act, as amended (IG Act), are properly exercised by OIGs with such authority, pursuant to Section 6(e) of the IG Act and the “Attorney General’s Guidelines for Offices of Inspector General with Statutory Law Enforcement Authority.”

Each OIG is required to implement and maintain a system of quality control for its investigative operations. The system of quality control encompasses the OIG’s leadership, with an emphasis on performing high-quality work. The policies and procedures of each OIG should be designed to provide reasonable assurance of complying with professional standards and applicable legal and regulatory requirements. The nature, extent and formality of an OIG’s system of quality control will vary based on the OIG’s circumstances. Each OIG must develop and document its quality control policies and procedures in accordance with its agency and individual OIG requirements, then communicate those policies and procedures to its personnel.

These guidelines may be adapted for organizations’ internal reviews (self assessments) within the CIGIE community. It also provides guidelines for reviewing investigative processes and records maintenance in any investigative operation.

1

GENERAL CONSIDERATIONS

1. Applicability of Appendices. The following questionnaires and checklists were

developed to assist in conducting the review of an organization. Appendix A is a profile sheet of administrative data about the organization being

reviewed.

Appendix B is a questionnaire to assess whether adequate internal safeguards and management procedures exist within those OIGs that exercise law enforcement powers pursuant to Section 6(e) of the IG Act and the “Attorney General’s Guidelines for Offices of Inspector General with Statutory Law Enforcement Authority.”

Appendix C-1 is a questionnaire to assess compliance with the general and qualitative standards outlined in the CIGIE QSI. Appendix C-2 is a questionnaire to assess conformity with digital forensics activities.

Incorporation of Appendix C-2 (a review of digital forensics activities) is not mandatory. It is an “opt-in” feature of a peer review. If the OIG organization being reviewed has computer forensic capability, it may, prior to commencement of the review, opt to have its digital forensics activities reviewed. If an organization does opt in, the results of the digital forensics review will be included in the overall assessment of the OIG organization. Please note that regardless of an organization’s decision to opt in, or out, of a digital forensic review, the investigative operations of information technology and computer-related units will be reviewed relative to the QSI (planning, execution and reporting) and Attorney General’s Guidelines, where appropriate. Appendix C-2 involves an additional review step—focusing on the technical aspects of digital forensics activities. If the OIG organization conducting the peer review does not have in-house personnel with computer forensic capability to conduct the review, it may seek assistance from other CIGIE OIG organizations.

Appendix D-1 and D-2 are individual and summary checklists, respectively, used to sample closed investigative case files when testing the degree of compliance with the Attorney General’s Guidelines and/or the QSI mentioned above.

Appendix E includes sample formats for reporting CIGIE QAR findings.

Appendix F is the “Attorney General’s Guidelines for Offices of Inspector General with Statutory Law Enforcement Authority.”

Appendix G-1 is the “Attorney General’s Guidelines for Domestic FBI Operations.”

2

Appendix H is the “Attorney General’s Guidelines Regarding the Use of Confidential Informants.”

Appendix I is the “CIGIE Quality Standards for Investigations,” dated December 2003. 1

Appendix J is the “CIGIE Guidelines on Undercover Operations,” dated February 2010.

2. Background. These guidelines are based primarily on the IG Act, the QSI (December 2003) and the “Attorney General’s Guidelines for Offices of Inspector General with Statutory Law Enforcement Authority” (December 8, 2003).

The IG Act has established statutory OIGs in over 70 Federal establishments and entities, including all cabinet departments and Federal agencies, boards, commissions, corporations, and foundations and agencies of the Legislative Branch. The QSI categorizes investigative standards as General and Qualitative. General Standards address qualifications, independence, and due professional care. Qualitative Standards focus on investigative planning, execution, reporting, and information management. The “Attorney General’s Guidelines for Offices of Inspector General with Statutory Law Enforcement Authority” govern the exercise of statutory police powers by Inspectors General and eligible employees and the role of Federal prosecutors in providing guidance in the use of sensitive criminal investigative techniques.

3. Objectives of the Investigative QAR Program. The overall objective of a QAR is to determine whether internal control systems are in place and operating effectively to provide reasonable assurance that an OIG is complying with professional investigative standards, as well as other requirements. This assessment program is intended to be positive and constructive rather than negative or punitive. With this in mind, the review team is encouraged to identify “best practices” or similar notable positive attributes of the organization. Additionally, the review team should view favorably on-the-spot corrections to non-systemic potential weaknesses. Further, the team must consider the extent to which the reviewed OIG had/has control over a potential weakness (e.g., agency is responsible for a particular process such as inventory control, encryption, background investigations, etc.).

These guidelines are applicable to a diverse set of Federal and non-Federal organizations, including all cabinet departments, Federal agencies, boards, commissions, corporations and foundations, and Legislative Branch agencies. Reviewing OIGs should be cognizant of the structure of the organization they are

1 The 2003 edition of the Quality Standards for Investigations were published by the President’s Council on Integrity and Efficiency (PCIE) and the Executive Council on Integrity and Efficiency (ECIE). These entities were replaced in the Inspector General Reform Act of 2008 (P.L. 110-409) by the Council of the Inspectors General on Integrity and Efficiency.

3

reviewing and how that OIG has adapted QSI and other professional standards to the unique circumstances of that respective department or agency. As such, reviewing OIGs may adapt the guidelines, as appropriate.

. 4. Management and Oversight of CIGIE QAR Program. The CIGIE Investigations

Committee has responsibility for overall management and oversight of the CIGIE QAR process. This Committee will resolve all issues that cannot be mutually agreed upon by the CIGIE QAR team and any OIG being reviewed. The Chairperson of the CIGIE Investigations Committee is responsible for establishing a schedule to ensure that OIGs with statutory law enforcement authority pursuant to Section 6(e) of the Inspector General Act are subject to a CIGIE QAR no less than once every three years.

The selection of assessment partners must be done in a manner that ensures the integrity of the peer review process. Peer reviewers must be free, both in fact and appearance, from impairments to independence. An OIG that received a noncompliant QAR rating will be deemed unqualified to conduct a QAR of another OIG until that OIG receives a compliant rating. Generally speaking, where feasible, assessment partners will be of similar size and have similar law enforcement powers. The Investigations Committee will coordinate its scheduling efforts with the CIGIE Audit Committee. The CIGIE QAR schedule should be updated and distributed with sufficient lead time to ensure OIGs are able to plan their participation. Absent unique circumstances, participating agencies (reviewer and reviewed) should be made aware of future peer reviews at least 1 year in advance. The OIGs involved in a specific peer review may, upon mutual agreement, accelerate or delay a review by one calendar quarter without prior approval by the Investigations Committee. The Chair of the Assistant Inspector General for Investigations (AIGI) subcommittee is responsible for resolving scheduling conflicts or issues that may arise.

Newly established OIGs or those that do not have statutory law enforcement authority are strongly encouraged to participate voluntarily in an investigative peer review every three years. OIGs that seek and obtain 6(e) authority from the Attorney General must immediately initiate steps to adhere to “Attorney General’s Guidelines for Offices of Inspector General with Statutory Law Enforcement Authority.” Compliance with these guidelines will be evaluated during their next scheduled peer review but not sooner than 3 years following the granting of the authority. Thus, those OIGs should request the Investigations Committee add their office to the QAR schedule.

The function of the CIGIE QAR is considered inherently governmental. The process must be handled within the Inspector General (IG) community and not contracted externally.

5. Review Team Staffing and Qualifications. Conducting a CIGIE QAR review

4

requires considerable professional judgment and leadership. The CIGIE QAR team will consist of a team leader with appropriate investigative background and experience. It is recommended, but not mandated, that the team leader be at or above the GS-15 grade level, or equivalent. The rest of the team will consist of OIG investigators and an administrative support staff from one or more OIGs, as deemed necessary. The team size and composition may vary depending on a number of factors including, but not limited to: the size and geographic dispersion of the OIG being reviewed; changes in organizational structure, control and leadership; and the number, type and importance of reports issued at each field location or satellite office.

If the organization under review handles classified information, members of the assessment team must have the appropriate level of security clearance(s) to permit a complete CIGIE QAR without undue limitation on the quality of the review.

6. Independence. The review team members and their senior management should meet the independence standards in the “Quality Standards for Federal Offices of Inspector General” and the CIGIE QSI. To avoid any appearance of bias, care should be taken to ensure that the CIGIE QAR team members do not have relationships with the officials in the OIG being reviewed that would be viewed as lacking impartiality by knowledgeable third parties. The CIGIE QAR team members should not have been recent employees of the OIG being reviewed. The OIG managing a CIGIE QAR cannot review an office that conducted its most recent CIGIE QAR or CIGIE audit peer review. Questions or concerns related to the composition of a particular QAR team should first be raised with the IG of the review team. If these issues cannot be resolved, they can be raised with the CIGIE Investigations Committee.

7. Confidentiality and Security. The CIGIE QAR team should safeguard all privileged, confidential and national security or classified information in compliance with applicable laws, regulations and professional standards.

All matters discussed, materials assembled, documents prepared and reports generated through an external CIGIE QAR should, at a minimum, be treated as proprietary information and maintained appropriately. To the extent possible, privileged and confidential information, such as names and other personally identifying information, should not be recorded in reports issued by the CIGIE QAR team. The team leader must ensure that the team complies with relevant professional guidance on the use, protection and reporting of information such as classified material, Internal Revenue Service tax information and protection of grand jury material and information. It is possible that the review team may not be granted access to sensitive material because of legal restrictions. If this situation occurs, the review team should review

5

the system related to the maintenance and protection of information to determine the adequacy of established procedures. Discussion among review team members of any information obtained during an external review is limited to a need-to-know basis.

8. Due Professional Care. The review team should strive to achieve quality

performance by exercising due professional care and sound professional judgment in planning, performing and reporting the results of the review.

9. Self-Inspection Programs. Some OIGs have an internal self-inspection program. If so, the OIG being reviewed will furnish a copy of any internal self-inspection reports that have been completed since the last peer review to the new CIGIE QAR team. The reviewed OIG may provide the QAR team with a copy of the self-inspection report before the onsite review. Additionally, the reviewed OIG may limit disclosure to only those portions that relate to areas covered by the peer review. Removal and/or copying of the internal report may be restricted by the reviewed OIG. The QAR team may consider information from the self-inspection program; however, such information will not be the sole basis for the overall QAR rating.

PLANNING AND PERFORMING THE INVESTIGATIVE CIGIE QAR REVIEW As stated above, the objective of a QAR is to determine whether internal safeguards and management procedures are in place and operating effectively to provide reasonable assurance that established policies, procedures and applicable investigative standards are being followed. In making this determination, the CIGIE QAR team will analyze existing policies and procedures, conduct interviews with selected management officials and the investigative staff, and sample closed investigative files and other administrative records, as warranted. The documentation required for a full peer review is completion of the CIGIE QAR Appendices A, B (if applicable), C-1, C-2 (if applicable), D-1, and D-2. For agencies not governed by the law enforcement powers conferred by the 2002 amendments to the Inspector General Act (Section 6(e)), the scope of the review may be limited or expanded based on the agreement of the reviewed organization and the CIGIE QAR team leader.

1. Scope.

Appendix A – This section is an organizational profile of the office being reviewed. Appendix B – If applicable, this section of the CIGIE QAR assesses whether an organization meets the requirement of statutory law enforcement implementation. An OIG that received statutory law enforcement powers under legislation other than Section 6 of the IG Act may be reviewed in accordance with its criteria.

6

Appendix C-1/C-2 – This portion of the CIGIE QAR process tests an office’s general conformity with the CIGIE QSI.

Appendix D-1/D-2 – This portion of the CIGIE QAR includes checklists for sampling closed investigative files for their compliance with applicable law enforcement standards and the CIGIE QSI.

Answers to certain questions in appendices B, C-1 and D-1 may not be readily available or apparent based on available documentation and information. In these instances, the peer review team should assess whether there is clear, specific and articulable information in the case file or from other sources it has reviewed to suggest the standard was violated. In the absence of such information, the appropriate answer is “yes” to the corresponding question indicating “in compliance.”

2. Approach. Review team members should be knowledgeable of all facets of an investigation and use prudent judgment when evaluating compliance with the Inspector General Act, the CIGIE QSI, applicable law enforcement guidelines and OIG policies and procedures. To the extent possible, teams will review offices with similar law enforcement authorities and structures.

Generally, review teams will be assessing the following:

Whether the organization has policies, procedures or programs in place to facilitate compliance with the Attorney General’s Guidelines and/or the CIGIE QSI.

Whether the organization has policies, procedures or programs in place to facilitate the identification and correction of non-compliance.

Whether the organization complies with the above policies, procedures or programs.

3. Pre-Site Review Steps. The organization being reviewed will complete Appendix A in its entirety and only the “Reviewed Agency Policy/Manual Reference” column of Appendix B (if applicable) and Appendix C-1 as well as Appendix C-2 (if applicable). Hyperlinking responses to relevant document cites is optional, but encouraged. It is preferable that this documentation be furnished electronically to the CIGIE QAR team for analysis before a site visit begins. The review team should always consider obtaining and reviewing relevant policy and procedural documentation to save time on site.

In advance of a peer review, the reviewed OIG should indicate with an “N/A” those questions that do not apply to the organization. OIGs are strongly encouraged to provide explanatory comments for any questions it feels warrant “N/A.” These comments will aid the assessment by the reviewing organization.

7

Examples of references and other documentation that should be available for the review team to examine prior to the onsite review include:

a. Manuals, Policy Statements and Handbooks – pertinent documents describing

the operational policies and procedures.

b. Semiannual Reports to Congress – at least the four most recent semiannual reports to Congress. (The semiannual reports will provide information regarding the nature and volume of investigative work being performed. The reports may also assist the review team in identifying closed case files to be reviewed.)

c. A copy of the office’s last CIGIE QAR report and a summary of the corrective action taken in response to CIGIE QAR findings.

d. Closed Case Inventory – a listing of the cases closed during the past 12 months. (This listing should include information such as the case identifiers; dates the investigations were opened and closed; case types (e.g., employee integrity or procurement fraud); referral dates; disposition; types of action taken; hours charged; and grade levels of the investigators.)

e. Self-Inspection Report – a copy (or appropriate portions) of self-inspection or internal evaluation reports conducted by the organization may be provided in advance or held until the onsite visit.

Requests for information should be submitted to the OIG being reviewed approximately 60 to 90 calendar days before the onsite review begins.

4. Working Environment. Before beginning the on-site work, the CIGIE QAR team leader should arrange with the reviewed agency to have adequate workspace for the review team. The AIGI, or a designee, should facilitate the coordination of logistics for the CIGIE QAR team and in obtaining requested materials.

5. Review Schedule. The CIGIE QAR will be scheduled by mutual agreement

between the review team and the agency to be reviewed. Once a tentative schedule is established, the reviewing organization should send the reviewed organization an engagement letter modeled on the example in Appendix E. The size of the organization or level of detail of the review may impact the time required to complete a review.

The goal of the review team should be to complete a QAR efficiently. Therefore, the following timeframes are provided as general guidance:

8

Action Item Recommended Timeframe

(calendar days)Appointment of CIGIE QAR team leader and selection of review team.

90 days before the site review

Send engagement letter to reviewed organization.

90 days before the site review

Conduct pre-site review and request necessary information from office being reviewed.

60 to 90 days before the on-site review begins

Conduct on-site review. 5 to 10 days

Complete the draft CIGIE QAR report and submit the draft report to the reviewed office for comment in an exit conference.

30 days after completing the on-site review

Allow offices being reviewed to comment on the draft report.

15 days upon receipt of report

Finalize CIGIE QAR report and related documents and distribute.

15 days after receipt of comment(s) by reviewed office

Memorandum from reviewed agency on the status of corrective actions it committed to implement.

60 days after issuance of final report

6. Entrance Briefing. An entrance briefing will be conducted with the IG or designee of the OIG being reviewed. The senior investigations personnel from each field office reviewed should be invited to attend the entrance briefing. This meeting provides an opportunity to outline the objectives of the CIGIE QARs, review the methodology and address any areas of management concern.

7. Sample Selection. It may be prohibitive in terms of time and resources for the review team to examine each field location and the entire population of OIG records to answer specific items in the appendices.

The selection of field locations (satellite offices) included in the review involves the exercise of considerable professional judgment. The review team should strive to include offices that are representative of the OIG with greater weight given to locations with a lower level of centralized control. If prior internal inspections show a location had problems in the past, the team may want to review a sample of that location’s work to ensure that corrective actions have been implemented and, if so, if they were effective.

9

Factors to be considered in selecting the field location(s) to be reviewed include the following:

Number, size and geographic dispersion of field offices Changes in organizational structure, control and leadership Number, type and importance of reports issued by location Degree of centralized control over field locations Results of prior internal inspection reports or other external reviews The need to verify the results of internal inspection reports

Due to the sensitive and dynamic nature of active investigations, it is recommended that the review team sample closed cases during the CIGIE QAR (see Appendix D-1/D-2). In determining the number of closed cases in the sample, it should be kept in mind that the objective of the CIGIE QAR is to obtain information regarding the performance of the OIG overall, not each individual office. Therefore, team leaders should not feel that they need to select a certain number of reports at each location; rather, to the extent possible, the sample selection should facilitate the review of a cross-section of investigation types performed by the OIG staff at the location (e.g., procurement fraud, environmental crimes, technology crimes, traditional crimes, employee misconduct, etc.). Additionally, the review team may, at its discretion, review closed cases from prior years for further validation if the original sample is either too small or suggests potential significant deficiencies. However, the review team generally should not examine cases closed more than two years prior to the review.

The following guidance is furnished to assist the review team in determining the number of closed cases selected in the sample:

Number of Cases Closed

In the 12 Months Preceding On-site Work

Minimum Number of Closed Cases In the Sample

0-20 All Files

21 – 100 Cases 20 Closed Cases

101 – 500 Cases 30 Closed Cases

500 (or more) Cases 50 Closed Cases

The review team must apply a no-advance-notice policy in advising the OIG of the closed case files selected for review during the on-site visit, if legally possible.

Sampling may also be used to perform the following review steps: a. Reviewing documentation to determine whether investigators meet the basic

qualifications for investigators.

10

b. Review of training profiles, or the equivalent, to ensure investigators maintain their investigative and law enforcement skills.

8. Defining and Identifying Observations, Findings, Deficiencies, and Significant Deficiencies. Determining the relative importance of matters noted during the peer review, individually or combined with others, requires professional judgment. Careful consideration is required in forming conclusions. This includes assessing the nature, cause(s), pattern and pervasiveness of an issue.

The descriptions that follow are intended to assist in aggregating and evaluating the peer review results, forming conclusions and determining the rating of the peer review report to issue:

a. Observation. An “observation” generally occurs when one or more “No” answers are recorded for questions in a peer review checklist (e.g., Appendices B, C and D).

b. Finding. A “finding” is one or more related observations that result from a condition in the organization’s system of quality control or compliance with it such that there is more than a remote possibility that the organization would not perform, or did not perform, in conformity with its policies and procedures, applicable professional standards or related requirements. A review team will assess whether one or more findings are a deficiency. If the review team concludes that no finding, individually or combined with others, rises to the level of deficiency, a report rating of compliant is appropriate (see below).

c. Deficiency. A “deficiency” is one or more findings that result from a condition in the organization’s system of quality control or compliance with it such that there is reasonable likelihood that the organization would not perform, or did not perform, in conformity with its policies and procedures, applicable professional standards or related requirements. A review team will assess whether one or more deficiencies constitute a significant deficiency. If the review team concludes that no deficiency, individually or combined with others, rises to the level of significant deficiency, a report rating of compliant is appropriate (see below). Deficiencies will be reported to the reviewed OIG with suggestions for improvement.

d. Significant Deficiency. A “significant deficiency” is one or more deficiencies that result from a condition in the organization’s system of quality control or compliance with it such that there is a high probability that the organization would not perform, or did not perform, in conformity with its policies and procedures, applicable professional standards or related requirements. A significant deficiency is generally limited to a material failure(s) to conform with critical elements of the CIGIE Quality Standards for Investigation and/or the Attorney General’s Guidelines for Statutory Law Enforcement Authority and related

11

requirements. A significant deficiency indicates a breakdown in practices, programs and/or policies that had an actual notable adverse impact on, or has a likelihood of materially affecting, the integrity of the investigative process (e.g., planning, conducting, reporting) or law enforcement operations (i.e., powers conferred by the IG Act). If the review team identifies one or more significant deficiencies, a report rating of noncompliant is appropriate. Significant deficiencies will be reported to the reviewed OIG with recommendations for correction and/or improvement.

In each of the above instances—observation, finding, deficiency and significant deficiency—the peer review team must consider the nature, causes, pattern, materiality, pervasiveness and relative importance to the issue or system of quality control as a whole. The OIG under review must be afforded the opportunity to provide explanatory or mitigating information prior to the review team reaching a conclusion.

The following circumstances generally do not give rise to a noncompliant finding:

Issues were found in a limited number of case files or at one of several sites reviewed;

An issue existed in an area outside the exclusive or substantial control of the OIG;

The reviewed OIG lacked stand-alone internal written policy but, in practice, complied with applicable standards; and,

The organization violated its own internal policy, but has complied with the CIGIE QSI and the Attorney General’s Guidelines (e.g., internal policy documents require training at a shorter interval than it actually conducts, but its practice, although violating its policy, is consistent with the QSI and Attorney General’s Guidelines).

9. QAR Rating Options. The CIGIE QAR team has the following two options for assessing an OIG’s overall performance:

Rating Explanation

Compliant A rating of “compliant” conveys that the reviewed organization has adequate internal safeguards and management procedures to ensure that CIGIE standards are followed and that law enforcement powers conferred by the IG Act are properly exercised (for applicable agencies). An OIG with one or more significant deficiencies may not receive a compliant rating.

12

Rating Explanation

Noncompliant A rating of non-compliance indicates a breakdown in practices, programs and/or policies that had an actual notable adverse impact on, or has a likelihood of materially affecting, the integrity of the investigative process (e.g., planning, conducting, reporting) or law enforcement operations (i.e., powers conferred by the IG Act).

10.Views of Responsible Officials. CIGIE QAR assessments must be both complete and fair. Exaggeration of an issue’s significance must be avoided. One way to ensure the objectiveness, accuracy, and completeness of the findings is to obtain the views of responsible officials prior to finalizing the assessment. When tentative observations, findings or deficiencies are found, the team must discuss the situation with the appropriate responsible official(s) designated by the reviewed OIG during the review. On-the-spot corrections will be viewed favorably, but must be completed prior to the issuance of the final report. Depending on the gravity of the matter corrected on the spot, the issue—and corresponding corrective action—may be discussed in either the opinion letter or letter of observations. All preliminary observations, findings, deficiencies or significant deficiencies must be presented during the review to the official(s) designated by the reviewed OIG prior to issuing the draft report. This action will help avoid any misunderstandings and aid in ensuring that all facts are considered before a formal draft report is prepared.

11.Exit Conference. The review team must prepare and present the draft report to the

IG and other members of the senior management team at the conclusion of the on-site visit.

REPORTING REVIEW RESULTS

The QAR Report consists of an Opinion Letter and an optional Observations Letter. See Appendix E. 1. Opinion Letter. This letter is prepared by the CIGIE QAR team and furnished to the

IG of the reviewed organization. The body of the opinion letter contains information such as:

a. Scope of the review, including any limitations thereon, and any expansion of the

review beyond the basic review guide, if applicable. b. Description of the review methodology, including the field offices visited and a

listing, by case number, of each investigative file reviewed.

13

c. The review team’s opinion regarding the compliance or non-compliance with

CIGIE QSI and applicable law enforcement standards. d. An explanation of review team actions taken in response to the OIG’s official

comments to the draft report.

If a rating of noncompliant is reported, all significant deficiencies that served as the basis for the rating must be included in an attachment. The significant deficiencies must be supported by clear and convincing evidence of noncompliance, as well as a specific listing of the standard(s) violated.

A non-complaint rating will also be accompanied by recommendations for corrective action and/or improvement. Such recommendations for corrective action and/or improvement should be discussed with the reviewed OIG prior to finalizing the opinion letter. The review team will work closely with the Investigations Committee to determine if the reviewed OIG will be required to provide periodic updates on the status of implementing recommendations. The timing and form of such updates, and to whom they will be provided, will also be determined in coordination with the CIGIE Investigations Committee. Recommendations will be closed upon mutual agreement between the Investigations Committee and reviewed OIG. They will remain open or not fully implemented until that time. The Investigations Committee will review and resolve disputes in this area. Significant deficiencies and associated recommendations may be reportable in an organization’s Semiannual Report to Congress.

2. Observations Letter. A supplemental observations letter may optionally be furnished to the IG of the reviewed office. Observations may fall into two categories:

a. “Best Practices” or similar notable positive attributes of the organization. In keeping with the constructive nature of the CIGIE QAR program, the reviewing agency will highlight practices, policies, programs, accomplishments, etc., that are particularly worthy of praise or acknowledgement. Examples include, but are not limited to, a comprehensive management development program, an advanced management information system and quality report writing and reviewing process.

In coordination with the reviewed agency, the team should report particularly noteworthy accomplishments found during the review to the CIGIE Investigations Committee for dissemination. Other OIGs may benefit from this information. This may be done in a separate letter from the team leader to the Committee.

b. Areas for Improvement or Increased Efficiency/Effectiveness. Peer review teams may offer suggestions for improvement or increased efficiency/effectiveness based on observations, findings and deficiencies identified. The reviewing team will identify a specific applicable Quality Standard or Attorney General’s Guideline as a benchmark. Isolated instances of policy or

14

procedural nonconformity, or non-systemic events or conditions, are included here. For example, a review team could identify policies or programs that are inconsistent with applicable standards. Implementation of the suggestions is done at the discretion of the reviewed OIG and will not be tracked or monitored by the review team.

3. Views of Responsible Officials. The OIG being reviewed must be afforded an opportunity to comment on the formal draft report prior to the issuance of a final assessment report. All material facts provided by the reviewed organization must be considered by the review team to determine whether the initial comments included in the draft report should be revised.

4. Dispute Resolution. The reviewed OIG may seek informal advice and guidance from the Investigations Committee regarding any concerns about draft findings or deficiencies. The IG of the reviewed organization may formally refer a dispute about a draft significant deficiency to the CIGIE Investigations Committee for review and resolution, if the IG cannot resolve the matter with the CIGIE QAR team. The IG of the reviewed organization should provide the Investigations Committee: (a) a copy of the draft CIGIE QAR report and attachments, (b) the reviewed organization’s response to the draft CIGIE QAR findings, and (c) a written summary of the material facts regarding the disagreement.

The Investigations Committee should work with the OIG being reviewed and the CIGIE QAR team leader to resolve the dispute. A range of options are available to the Investigations Committee. For example, the Investigations Committee may elect to: (a) accept the CIGIE QAR team’s initial conclusion related to a significant deficiency; (b) accept the reviewed organization’s explanations; (c) request the CIGIE QAR review team conduct additional work to facilitate the resolution of the disagreement; (d) form a new CIGIE QAR team tasked with conducting further review of the disputed findings; or (e) other options not specifically anticipated here.

As mentioned previously, the Investigations Committee should be furnished a copy of each final CIGIE QAR report conducted in CIGIE organizations. If the reviewed organization receives an overall opinion rating of “noncompliance,” the organization must provide the Investigations Committee a detailed corrective action plan to bring the organization into compliance with professional standards. Where appropriate, this plan will be made available to the U.S. Department of Justice upon request. An organization receiving an overall noncompliance rating will not be allowed to conduct CIGIE QAR reviews at other agencies until the corrective action plan has been developed and the CIGIE Investigations Committee has approved its implementation.

15

5. Letter Distribution. The review team will distribute the final peer review results as follows:

a. Reviewed OIG: Original Opinion Letter and Observations Letter(s).

b. CIGIE Investigations Committee: Copies of Opinion Letter (including attachments) and Observations Letter(s) will be sent to:

Executive DirectorCouncil of the Inspectors General on Integrity and Efficiency1717 H Street, NW, Suite 825Washington, DC 20006

c. Attorney General: Copy of Opinion Letter, including any attachments, only for those agencies that receive their law enforcement authority pursuant to Section 6(e) of the IG Act. This letter will be sent directly to the Attorney General at:

U.S. Department of JusticeAttn: Attorney General (CIGIE Investigative Peer Review)950 Pennsylvania Avenue, NWWashington, DC 20530-0001

Additionally, consistent with the CIGIE Quality Standards for Federal Offices of Inspector General, a reviewed OIG may provide a copy of the final letters resulting from the CIGIE QAR to the head of the agency or department and/or make the results publicly available.

6. Files Maintenance. All files, records, notes, memoranda or other documents obtained from the office reviewed will be returned after issuing the final report. The OIG conducting the CIGIE QAR should retain a copy of the final report and supporting appendices. It is recommended that these documents be retained by the reviewing OIG for at least two review cycles.

The OIG conducting the CIGIE QAR will institute a record retention policy in accordance with guidelines established by the National Archive and Records Administration. All requests for access to the CIGIE QAR files, to include Freedom of Information Act (FOIA) and Privacy Act (PA) requests, must be processed in consultation with the reviewing and reviewed IG and the CIGIE Executive Director.

16

ACKNOWLEDGEMENTS

The individuals below were contributors for this revision of the QAR Guide.

The QAR working group consisted of the following AIGIs:

P. Brian Crane, AIGI, Treasury OIGPeggy L. Fischer, AIGI, NSF OIGJohn R. Hartman, DIG, DOE OIGKimberly A. McKinley, DIG for Investigations, OPM OIGDouglas J. Morgan, Jr., SAC, NSF OIGJames J. O'Neill, AIGI, VA OIGMichelle B. Schmitz, AIGI, OPM OIGWilliam R. Siemer, AIGI, USPS OIG Robert J. Walters. Acting DIG, CNCS OIG

Investigations Committee Members

Chair: Carl W. Hoecker IG, U.S. Capitol PoliceCo-chair: Eric M. Thorson IG, Treasury Department

Members: Lanie D’Alessandro IG, National Reconnaissance Office Charles K. EdwardsActing IG, Department of Homeland Security Arthur A. Elkins IG, Environmental Protection Agency Michael G. Carroll Acting IG, Agency for International

Development J. Russell George IG, Treasury Inspector General for Tax

Administration Peggy E. Gustafson IG, Small Business Administration Allison C. Lerner IG, National Science Foundation John P. McCarty Acting IG, Department of Housing and Urban Development

Brian D. Miller IG, General Services Administration George J. Opfer IG, Veterans Administration Jon T. Rymer IG, Federal Deposit Insurance Corporation Cynthia A. Schnedar Acting IG, Department of Justice Karl W. Schornagel IG, Library of Congress Kathleen S. Tighe IG, Department of Education

The following individuals contributed substantially to the final product:

William D. Hamel, AIGI, ED OIG/AIGI Committee Chair

17

Glenn P. Harris, General Counsel, SBA OIG

18